Problem with PEAP and LDAP
Carlos Martínez-Troncoso Cera
cmartinez at uninorte.edu.co
Wed Aug 24 17:58:41 CEST 2005
We are trying to use FreeRadius with PEAP and LDAP.
Our access point is a 3Com 8750, is talking with a FreeRadius 1.0.4,
Freeradius talks with LDAP
(Sun One Messaging Server 5.1) and our PEAP clients are Windows XP and 2000.
First we configured FreeRadius with LDAP, it works well, then we tried
to use this with EAP, it works when
we use local users, but when we try to authenticate and authorize PEAP
users in LDAP, it doesn´t work.
The error is:
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 5
rlm_mschap: Told to do MS-CHAPv2 for cmartinez with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 5
modcall: group Auth-Type returns reject for request 5
I was looking how Sun ONE stores the passwords, it uses SSHA (Salted
Secure Hashing Algoritm),
I think this is the problem, because I suposse it looks for NT-LM
Hashing passwords, what can I do and where can I find info about it?
Thank you in advance.
More information about the Freeradius-Users